Good morning, Thanks for you replies, gents.
Makes sense. One last thing, I am not sure of: do I upload my master key's public part or the signing key's one to my mentors account? Regards, Daniel On Fri, 24 Jun 2022 at 20:42, Christian Kastner <[email protected]> wrote: > On 2022-06-24 18:40, Dániel Fancsali wrote: > > I thought, I'll create a separate subkey for signing the package (and > > keep my master key off-line, and the others keys separate from this > > debian-signing-subkey). Would that be considered good practice? Or is > > there something I can't see here? > > This is done quite commonly, actually. [1] and [2] have more info. > > Best, > Christian > > [1] https://wiki.debian.org/GnuPG/AirgappedMasterKey > > [2] https://wiki.debian.org/Subkeys > >
